With two years until its 2027 zero trust deadline, the Pentagon is revving up its cybersecurity efforts, with plans for a new strategy, detailed guidance, and the review of dozens of “granular” action plans for defense organizations. 

“We’re 24 months away from our deadline of the end of fiscal ‘27 to hit target level ZT,” which is a baseline ability to secure the Defense Department’s data, applications, assets, and services, Randy Resnick, who leads the Pentagon’s zero trust efforts, said Wednesday at the Billington Cybersecurity Summit. 

Zero trust is a cybersecurity concept that assumes hackers are already inside networks, so the focus is on continuously verifying all users and devices that connect to the network. 

The Pentagon formally created the zero trust portfolio management office in July to lead implementation and define the mission, roles, and authorities to update the Defense Department’s cybersecurity infrastructure to defend against modern threats. That office, which Resnick leads, is reviewing “granular information from the components on exactly what their plan is,” including details like what they’re going to buy, at what level, how it will be installed, and expected number of users. Annual plans are expected by November. 

Read on Defense One »